The need for “Zero Trust” today is no longer the same as what we talked about years ago when the term was first coined. Back then, businesses only had a handful of remote workers signing in to the corporate network. The common wisdom of the day dictated that you couldn’t implicitly trust the authentication of those remote users any longer because they weren’t on the company LAN, and the common solution was installing two-factor authentication.
The Gartner Hype Cycle started as a graphical method for representing the adoption, evolution, and maturity of new emerging technologies. Over time, it has become a widely used source of insight into how emerging technologies are likely to evolve. Apart from offering insight into the evolution of new and emerging technologies in the coming years, the Hype Cycle also paves the way for informed investment decisions and provides market intelligence that helps mid-market companies and enterprises choose the best tools among emerging technologies.
Every year, more than 34 percent of organizations worldwide are affected by insider threats. For that reason, cybersecurity needs to be a priority and concern for each employee within an organization, not only the upper-level management team and IT professionals. Employees tend to be the weakest link in an organization’s security posture, often clicking on malicious links and attachments unintentionally, sharing passwords, or neglecting to encrypt sensitive files. An effective way to educate employees on the importance of security is through a cybersecurity policy that explains each employee’s responsibilities for protecting systems and data within the organization.
If you’re looking for a free network discovery tool, you’ve probably heard of Nmap. Nmap, short for Network Mapper, is a multi-purpose tool commonly used in penetration testing to give you a granular view of your network’s security. Its capabilities extend to information gathering, enumeration, and detecting vulnerabilities and security loopholes. You can also use the tool to find live hosts on a network, perform operating system (OS) detection, traceroute, version detection, and ping sweeps, and carry out port scanning. That is precisely why Nmap is also known as the sysadmin’s Swiss Army knife.
Believed active since mid-2020, Conti is a big game hunter ransomware threat operated by a threat group identified as Wizard Spider and offered to affiliates as a ransomware-as-a-service (RaaS) offering. Following the lead of other big game hunter ransomware groups, Conti adopted the double extortion tactic, also known as 'steal, encrypt and leak', in order to apply additional pressure on victims to pay their ransom demands and avoid having sensitive or confidential data exposed.
Our first two guests on the Identity Brief Podcast came to identity through unconventional means. Ori Eisen saw digital identity and passwordless authentication as a way to fight the fraud he had witnessed while working at a large bank. Ari Jacoby realized that contextual identity and authentication data was a powerful tool to fight fraud at Deduce where he saw bots and fraudsters trying to gain an advantage. Our latest guest got into the identity game after learning how to exploit systems as an ethical hacker and found humanity in the technology along the way.
Whether your organization is ready to deploy its first security information and event management (SIEM) solution or you’re looking to upgrade to a modern, next-gen cloud-native SIEM, the number and types of tools available in the market can be overwhelming. This post will help you choose the right vendor and best SIEM tools for your business needs. SIEM tools have been available for about 15 years, but like most technologies, there has been a great deal of evolution and innovation over that time. That’s good because there certainly has been constant evolution and innovation by cyberthreat actors and the tools they use to compromise systems, steal or destroy data, or hold it for ransom.
In today’s corporate environment, business is predominantly conducted online. Most organizations have a website or some type of web application that functions as the hub of their online operations. Business websites and online applications are necessary for an abundance of important functions — marketing, sales, branding, and much more. If your website is attacked and forced to go down, the impact on your business can be significant.
The SANS 2021 Top New Attacks and Threat Report is now available for download, covering the security trends and top threats to watch for as the world emerges from the pandemic. Presented at the SANS threat expert panel discussion held during the RSAConference 2021 Virtual Experience, the top attack category the report highlights is supply chain attacks – and with good reason.
Infrastructure as code is a key concept in DevOps for cloud deployments. Learn how to secure it using Rapid Scan SAST. It was not long ago that we needed to submit an IT support ticket to have infrastructure configurations (virtual machines, network configurations, load balancers, databases, etc.) launched every time we needed to deploy a new application. That worked when such requests were infrequent, but it did not scale easily. And you might remember the reproducibility hassles as well: “This application worked on my system, but how is it failing on yours?”
A recent study reveals that cybercrime costs the world economy more than $1 trillion, a more than 50 percent increase from 2018. Damage to companies also includes downtime, brand reputation, and reduced efficiency. Besides installing anti-malware software to protect against cyberattacks, however, there is other security software to consider. One option is a SIEM (Security Information and Event Management) solution. SIEMs provide centralized management for security information and events, detecting and managing security incidents, and correlating data from multiple sources.
Are you an organization that operates a Bulk Power System (BPS) in the United States? If so, you understand the need to comply with the Critical Infrastructure Protection (CIP) standards. Developed by the North American Electric Reliability Corporation (NERC), CIP is a set of requirements through which in-scope entities can protect themselves against digital attacks, thereby strengthening the reliability of the U.S. electric grid overall.
Over the past year and a half, we have been glued to our computers, attending back-to-back Zoom meetings and trying to find a “new” work-life balance at home. Blurred work-life boundaries have led to higher stress, isolation, and burnout. As a result, people have had a lot of time to think and reflect on their lives. Prior to the pandemic, people made work the center of their lives and identities – a reality that has shifted. The new reality is that people want a life that has purpose outside of work. Combined with the abundance of stimulus checks, unemployment benefits, and flexible remote work schedules, this has accelerated people’s need for change.
The Veriato podcast guest for this month is Michael Owens, the Business Information Security Officer at Equifax and an all-around rockstar when it comes to cybersecurity. He joins Dr. Christine Izuakor to discuss how supply chains serve as the "soft underbelly" through which attackers gain access to otherwise secure enterprise systems.
IoT devices are ubiquitous in our daily lives—whether it’s at home with connected home automation devices, or at work with connected factories, hospitals, and even connected cars. According to Gartner, there were over 20 billion IoT devices in 2020. As businesses globally over the past decade have transformed their processes with more embedded IoT-driven intelligence, these billions of connected devices have also become a soft target for cyber criminals.
In its Interagency Report 7695, the National Institute of Standards and Technology (NIST) defined an application as “a system for collecting, saving, processing, and presenting data by means of a computer.” This broad term covers enterprise applications, consumer applications, and even phone apps. Security is important in all these types of applications, but the focus is not always the same. Let’s explore how below.
The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have published comprehensive recommendations for strengthening the security of an organization’s Kubernetes system to help companies make their Kubernetes environment more difficult to compromise. This 52-page cybersecurity technical report offers practical guidance for admins on managing Kubernetes securely, focusing on the three common sources of a compromised Kubernetes environment.
API security is one of the most important aspects of cybersecurity. The rise of new technologies like microservices, cloud-native applications, IoT devices, single-page applications, serverless, and mobile has led to increased use of APIs. Internal application elements are now APIs connecting with one another over a network. A game API lets your applications and web services communicate with one another and share information such as rules, settings, specs, and data. These APIs are used to distribute and embed game content and to interact with libraries, apps, operating systems, consoles, and more.
Higher education has increasingly been attracting the attention of cybercriminals. In March, the FBI released an advisory in response to a barrage of ransomware attacks on schools, and Inside Higher Education recently reported that colleges and universities are becoming favorite victims of bad actors. It's not just colleges themselves that are being targeted; their vendors and third parties are being attacked in the hopes of compromising an institution’s data. Just last year, several colleges and universities suffered a ransomware attack through a third-party cloud storage provider.
Recently, Facebook announced a new initiative aimed at protecting how its users’ data is managed across its platforms: the Data Protection Assessment. The assessment consists of a questionnaire for apps that access advanced permissions and specifically focuses on how developers protect, share and use platform data. The new Data Protection Assessment went into effect at the end of July, which means that developers need to be aware of the questionnaire’s standards and requirements for any new releases moving forward. Specifically, the assessment seeks to understand how a user’s data will be used, why the data is needed, and when it will come into use.
Doxing is the act of publishing private or identifying information about an individual or organization on the internet. Doxing is short for Dropping Dox (documents), and it only has negative connotations. The intention of doxers is to harass victims by revealing information that's either incriminating, defamatory or just immensely embarrassing. Doxing is sometimes spelled as Doxxing. Though doxing primarily involves dumping confidential information on a publicly accessible website, this isn't always the case. Because doxing is linked to the misuse of private information, social engineering techniques are also classified as doxing when the sensitive data obtained is then used to launch cyberattacks.
PGP encryption (Pretty Good Privacy) is a data encryption program used to authenticate and provide cryptographic privacy for data transfers. PGP encryption is used to secure all forms of data and digital transmissions. It's capable of encrypting and decrypting: PGP is a quick-to-implement and cost-effective encryption method.
Recently published by Lionel Gilles, an offensive security researcher based in France, 'PetitPotam' is a proof-of-concept (PoC) tool used for NT LAN Manager (NTLM) relay attacks that, when executed properly, grants threat actors the ability to take over a Windows Active Directory (AD) domain, including domain controllers (DC), where Active Directory Certificate Services (ADCS) are used. PetitPotam applies concepts similar to those of classic in-the-middle (ITM) or replay attacks in its relay attack.
Five worthy reads is a regular column on five noteworthy items we’ve discovered while researching trending and timeless topics. In this edition, we’ll learn about the history between the healthcare industry and cyberattacks, the vulnerable points in the healthcare system, and how risks can be mitigated. Did you know that for the 10th year in a row, the healthcare industry has seen the highest impact from cyberattacks of any industry? Recent research shows that a breach can cost an average of $7.1M for organizations in the healthcare industry.
Using unapproved tools, software, and devices is risky. You never know what vulnerabilities so-called shadow IT may have. The pandemic that began in 2020 put a new spin on the shadow IT problem. The sudden need to handle all processes remotely was a true challenge, since the majority of corporate networks were not configured to be safely accessed by employees from home.
As companies generate an ever-increasing amount of data, security information and event management (SIEM) becomes increasingly challenging. Cybersecurity professionals have more to manage, and as cybercrime rises, there is less time to do so. While big data poses challenges for security teams, it also presents an opportunity. As of 2019, 52.5% of organizations worldwide have been using big data, with another 38% planning to do so in the future. That means companies have a rapidly growing store of information at their disposal: information that can help improve incident response. You can capitalize on this wealth of information with a cybersecurity data lake.
Cybersecurity attacks come in all sorts of ways and from all directions, so perhaps we should not be surprised at one of the latest trends in thieves trying to steal your organization’s data — “vishing” attacks, where they use the plain old telephone.
A vulnerability assessment is the process of identifying IT security weaknesses in your network, operating systems, firewalls, and hardware, and then taking steps to fix them. Penetration testing, also known as “pen testing,” is an intentional, simulated cyberattack against your IT systems to find vulnerabilities and test the efficacy of cybersecurity controls. Both are essential components of a comprehensive vulnerability management and network security protocol. The two terms may seem interchangeable, but differences exist. So what is penetration testing, and how does it differ from vulnerability assessment?
The past year and a half has posed unprecedented challenges to society, at every level. For companies adjusting to a more distributed workforce, with newly remote workers and no central place of business to anchor their teams, the corresponding flood of unmanaged content and shadow IT has been a serious test of their organizational fortitude. For these companies, business-critical content can go unchecked, dispersed between the cloud and corporate hard drives—a scenario known as content sprawl. At Egnyte, we see customers large and small grapple with these challenges, and we’ve worked with them to solve some of the most complex content management issues businesses face today.
DevOps and Agile are popular modern software development methodologies. According to the 14th Annual State of Agile Report, 95% and 76% of the respondents stated that their organizations had adopted Agile and DevOps development methods, respectively. Interestingly, both approaches have the same aim: deliver the end product as efficiently and quickly as possible. Despite the popularity and shared goals of Agile and DevOps methodologies, there is often confusion about what differentiates them from each other. While most organizations are eager to deploy these development practices, they often struggle with the best approach to adopt.
Social media platforms are excellent hunting grounds for scammers. This is where we connect with our friends or people who we have something in common with. This is precisely what scammers exploit—our connections and the trust that is afforded between friends or acquaintances. From an early age, we are taught to be kind and compassionate as well as to help others, especially people we know such as friends and family. In turn, they will help us if we ever need it. This is a socially desired behavior. Most people think and operate in this way.
In today's environment, security teams face a pervasive threat landscape, with the expectation that some threat actors will be successful in bypassing perimeter defenses. To deal with this, security teams must learn how to actively hunt down threats, both outside and inside the perimeter, using solutions such as Sumo Logic’s Cloud SIEM Enterprise and Continuous Intelligence Platform. At the Modern SOC Summit, Darren Spruell, Senior Threat Analyst on the SpecOps team at Sumo Logic, presented a set of best practices and insights drawn from the SpecOps team’s experience with Sumo Logic tools, explaining how to successfully hunt for threats in hybrid environments, including on-premises and single or multiple clouds.
Last year’s IDC Cloud Security Survey found that nearly 80 percent of companies polled have suffered at least one cloud data breach in the past 18 months. The top three cloud security threats are security misconfiguration of production environments (67 percent), lack of visibility into access in production environments (64 percent), and improper IAM and permission configurations (61 percent). The Cloud Native Security White Paper, in its Identity and Access Management section, states that applications and workloads should be explicitly authorized to communicate with each other using mutual authentication.
HTTPS (Hypertext Transfer Protocol Secure) is a secured version of HTTP (Hypertext Transfer Protocol). HTTP is a protocol used to transfer data across the Web via a client-server (web browser-web server) model. HTTPS encrypts all data that passes between the browser and server using an encryption protocol called Transport Layer Security (TLS), preceded by Secure Sockets Layer (SSL). This encryption renders data undecipherable until a site owner unlocks it, allowing users to share sensitive data, such as passwords and other personal information, safely and securely over the Internet or a network.
Manual security testing services and automated AppSec tools have their place in DevOps. Knowing which to use will make your security efforts more effective. AppSec tools that can quickly identify secrets or sensitive data accidentally (or intentionally) inserted in source code are crucial in automatically scanning millions of lines of code to find critical security issues. But even the best automated AppSec tools can’t find all security vulnerabilities, especially the ones that require hacking into a website or system architecture. This is where manual testing of business logic flaws in web apps and threat modeling of system designs is necessary.
In a Kubernetes cluster, the Control Plane controls Nodes, Nodes control Pods, Pods control containers, and containers control applications. But what controls the Control Plane? Kubernetes exposes APIs that let you configure the entire Kubernetes cluster management lifecycle. Thus, securing access to the Kubernetes API is one of the most security-sensitive aspects of Kubernetes security. The recently published NSA Kubernetes hardening guide also lists “Use strong authentication and authorization to limit user and administrator access as well as to limit the attack surface” as one of the essential security measures to consider while securing a Kubernetes cluster.